Skills
skills/warpdotdev/oz-skills/slack-qa-investigate/Gen Agent Trust Hub

slack-qa-investigate

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from web search results and external documentation links.
  • Ingestion points: SKILL.md instructs the agent to fetch linked pages and perform web searches to gather context.
  • Boundary markers: Absent; there are no instructions or delimiters provided to help the agent distinguish between data to be analyzed and instructions to be followed.
  • Capability inventory: The agent is permitted to perform file reads, grep searches, semantic searches, and "safe shell commands."
  • Sanitization: Absent; the skill does not specify any logic for sanitizing or validating external content before it enters the prompt context.
  • [External Downloads] (LOW): The documentation refers to an external GitHub repository for infrastructure setup from an organization not included in the trusted list.
  • Evidence: README.md recommends cloning https://github.com/warpdotdev/oz-slack-q-and-a-bot.
  • Severity: LOW, as this is a manual setup instruction for the user rather than an automated dependency or code execution within the skill's operational logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:18 PM